Solved

VPN not working with TMG 2010

Posted on 2012-04-04
Last Modified: 2012-05-05
Dear All,

I have a TMG 2010 standalone array (2 servers). I configured the VPN, and when I try to connect using VPN it works fine: I can connect, but I still can't see anything in my network.

When I checked TMG, I found the attached error.

I attached the network configuration of my TMG servers and the Route Print.

What do I have to do to make them work?

Thanks
route-print.JPG
IP-for-VPN-in-TMG.JPG
Internal-Addresses.JPG
error.JPG
Question by:ACS2012

Accepted Solution

by:
emadallan earned 250 total points
ID: 37805365

Assisted Solution

by:jpvargassoruco
jpvargassoruco earned 250 total points
ID: 37805774
IP-for-VPN-in-TMG.JPG: here I can see that you are using a different range of IP addresses. This range needs to be a part of this Internal-Addresses.JPG.
Hope it helps.

Author Comment

by:ACS2012
ID: 37814624
Hi all,

Now the VPN works without error in the TMG. I can connect via the VPN and I can see my connection in the TMG server.

But I'm facing a problem: I can't access anything in my network.

I checked the IP taken via the VPN; it's from the same list which I specified in the VPN configuration.

Expert Comment

by:emadallan
ID: 37815625
Try to create a DNS rule on both sides of your TMG that allows source internal LAN + localhost + vpnsite1 to connect to the destination of your VPN site2, and vice versa.

Author Comment

by:ACS2012
ID: 37815664
Hi emadallan,

How can I do that?

Is there a requirement to add a static route for the VPN IP range?

Expert Comment

by:emadallan
ID: 37815676
No, it's not a problem of static route. Just open your TMG Console and add a firewall rule that allows the DNS and SMB (in case you want to access shared files) protocols on both sides of TMG.

Expert Comment

by:emadallan
ID: 37815687
This is a URL that describes the principles of creating firewall rules; then you specify the protocols you want:
http://retrohack.com/let-me-out-configuring-outbound-access-rules-in-tmg-2010/

Author Comment

by:ACS2012
ID: 37815721
I already have a rule to allow everything between internal and VPN users.

Expert Comment

by:emadallan
ID: 37816843
Even if you have an everything rule!! It will not work, so create a specific rule as mentioned and make its priority before the everything rule!!

Author Comment

by:ACS2012
ID: 37818883
I'm still facing the same problem: the VPN user is connected but I can't access anything in the network.

Please see the attached.
1.JPG
2.JPG
3.JPG

Expert Comment

by:simonlimon
ID: 37825242
You could try looking at the session with TMG logging; monitor for the username in question - Clientusername.

Another thing: do the other routers know about the TMG VPN users network 172.16.105.1 - .125?
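
The return-path question raised in the last comment can be checked from a `route print` capture taken on an internal host or router. The script below is an added example, not part of the thread: the route table, the TMG internal address 192.168.1.254 and the default gateway 192.168.1.1 are constructed assumptions; only the pool 172.16.105.1 - .125 comes from the post.

```python
import ipaddress
from collections import Counter

# Constructed sample of the IPv4 "Active Routes" rows from `route print` on a
# hypothetical internal server. None of these addresses come from the thread.
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     10
      192.168.1.0    255.255.255.0         On-link     192.168.1.50    266
"""
TMG_INTERNAL_IP = "192.168.1.254"  # assumed internal address of the TMG array


def parse_routes(text):
    """Return [(network, gateway)] for every row that looks like a route."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # header row or unrelated line
        try:
            routes.append((ipaddress.ip_network(f"{parts[0]}/{parts[1]}"), parts[2]))
        except ValueError:
            continue  # five columns, but not a destination/netmask pair
    return routes


def next_hop(routes, ip):
    """Longest-prefix match (metrics ignored); None if no route matches."""
    hits = [(net.prefixlen, gw) for net, gw in routes if ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None


def gateways_for_pool(routes, first, last):
    """Count, per gateway, how many pool addresses this host replies through."""
    lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    hops = (next_hop(routes, ipaddress.ip_address(n)) for n in range(lo, hi + 1))
    return dict(Counter(hops))


if __name__ == "__main__":
    pool = ("172.16.105.1", "172.16.105.125")  # VPN range quoted in the thread
    for gw, count in gateways_for_pool(parse_routes(ROUTE_PRINT), *pool).items():
        verdict = "ok" if gw == TMG_INTERNAL_IP else "not routed to TMG"
        print(f"{count} pool addresses -> {gw}: {verdict}")
```

When pool addresses resolve to a gateway other than the TMG internal address, replies leave through that gateway, which then needs its own route for the pool pointing at TMG.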